08-28-2014 06:01 PM
Not sure what happened but all of a sudden none of our devices are able to authenticate with our radius controlled SSID.
The NPS srver is running fine the Aruba 7210 is running fine I ahve not gotten any errors reports.
We Have 4 SSID.
one is Captured portal Guest. That works fine.
second is PSK Guest for internal user mobil devices. That works fine
Third is a very long and complicated PSK for our internal network which is used for our hand scanners. That works fine.
The forth and last is a Radius Authenticted Domain joined network nothing can authenticate for this now.
We use 802.1x machine and user authentications for the third network using AD groups for the authenticated users and Domain Computers group for the devices.
This way only domain joined devices and authenticted users on our domain cn connect to the network.
This was working fine but then I recently realised when i went to do a restart of the NPS server that there were no devices connected to this network. At first since a lot of the users that normally wirlessly connect to this network were away I figured there as nobody using it.
After the restart I noticed that still no devices coudl connect to this network.
Any ideas on what could cause this?
08-28-2014 06:02 PM
08-28-2014 06:37 PM
Hey thanks for the response.
The only error I coudl find on the nps is this error
"A Radius messsage was received from the invalid Radius client ip address ""
The IP it was pointing to is for one of our servers which does not even have wireless not sure why that error came up.
As for the second one for some reason I can't rember the enable password I tried every password we would have used but none are accepted.
I just tried to go through the reset admin password process but get hit with access denied when I enter the forgetme! password.
Any ideas on how to reset the enable password?
08-28-2014 07:11 PM
I was going to use the controller wizard again but even tho I haven't changed anything but the enable password it keeps telling me that the 0/0/0 uplink port has changed and requires a reboot.
I can go ahead with this but not sure if it is going to stuff up our configurations.
Everything looks correct just dont want to bring it all down as we had a contractor com in and do our original configuration.
08-29-2014 04:47 PM
You have to see in the evenviewer in NPS why it is rejecting that user. If you had the wrong nas-ip, the radius server would just not respond and the controller would say that the server timed out.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
08-31-2014 04:45 PM
Hy guys thanks for the replies.
Going through all of the logs on the server, the controller and the client trying to connect.
These are the below errors that seem to realte to the failed connection.
ON the Client.
I am getting event 36888 "The following fatal alert was generated: 45. The internal error state is 552.
Event 36881 "The certificat received from teh remote server has either expird or is not yet valid. The SSL connection request has failed. The attached data contains the server crtificate.
The NPS server is giving me a warning tell me he Certificate for local system wih Thumbprint "" is about to expire or already expired.
I looks like the certificate on the nps server has expired although I am not sure.
It should not have expired aleady.
Hope that helps.
08-31-2014 06:29 PM - edited 08-31-2014 06:30 PM
If you want to check if the certificate expired
You can see that information though the NPS console here:
You can check the expiration date there.
I know its on spanish but its on network policies, and on constrains tab i think its in english.
Product Manager - Aruba Networks
08-31-2014 06:36 PM - edited 08-31-2014 06:37 PM
Yeap I checked it and the certificate had expired on the 24/08/2014 so I am just waiting for our head office to renew it for me.